#GTX400 912BM SIM7600 Wi-Fi #VERSION 2.2 (udpate from 07.02.2020) #RouterOS 6.45.6 /system logging action set 1 disk-file-count=3 /system logging set 0 action=memory set 1 action=disk set 2 action=disk set 3 action=memory add action=memory topics=async disabled=yes add action=memory topics=debug disabled=yes :global NUM 0 :global ALLNUM 28; :global VER [:pick [/system resource get version] 0 4] :global MODEL [:pick [/system routerboard get model] 0 3] :log warning "SETTINGS_START_INSTALL" /system routerboard settings set cpu-frequency=600MHz init-delay=5s /system routerboard usb set type=mini-PCIe :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".MINI-PCI ACTIVATED" /system identity set name=GTX400-912BM-WiFi :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_IDENTITY"; :delay 3s /interface ppp-client remove [find name="ppp-out1"] :delay 3s /interface lte set comment="WAN" numbers=lte1 :delay 3s /interface lte apn set [find name="default"] default-route-distance=1 :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_LTE"; :delay 5s /interface ethernet set [ find default-name=ether1 ] comment="LAN" :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_LAN" :delay 3s /interface bridge add name=bridge1 comment="LAN" :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".ADD_BRIDGE"; /interface list add name=WAN add name=LAN /interface list member add interface=lte1 list=WAN add interface=bridge1 list=LAN :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".ADD_LISTS" /interface wireless security-profiles add authentication-types=wpa2-psk eap-methods="" group-ciphers=aes-ccm \ management-protection=allowed mode=dynamic-keys name=teleofis-sp \ supplicant-identity=TELEOFIS unicast-ciphers=aes-ccm \ wpa2-pre-shared-key=11122233344455566677788899 :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".ADD_WIFI_PROFILE"; /interface wireless set [ find default-name=wlan1 ] antenna-gain=3 band=2ghz-b/g/n channel-width=\ 20/40mhz-Ce disabled=no distance=indoors frequency=auto \ hw-protection-mode=rts-cts mode=ap-bridge multicast-helper=disabled \ rx-chains=0,1 security-profile=teleofis-sp ssid=GTX400 tx-chains=0,1 \ tx-power-mode=default country=russia3 wireless-protocol=802.11 \ wps-mode=disabled mtu=1500 wmm-support=enabled frequency-mode=regulatory-domain \ adaptive-noise-immunity=ap-and-client-mode name="wlan1" radio-name="GTX400912BM$"SERIAL"" comment="WIFI" /interface wireless nstreme set [ find name=wlan1 ] enable-polling=no :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_WIFI"; /interface bridge port add bridge=bridge1 comment="LAN" interface=ether1 add bridge=bridge1 comment="LAN" interface=wlan1 :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".ADD_BRIDGE_PORTS"; /ip firewall raw add chain=prerouting action=drop in-interface-list=WAN protocol=udp dst-port=53 :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".ADD_RAW_RULE" /ip firewall nat add action=masquerade chain=srcnat comment="LAN to WAN" out-interface-list=WAN :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".ADD_NAT"; /ip firewall filter add action=accept chain=input connection-state=established,related comment="Accept established,related on chain input" add action=drop chain=input connection-state=invalid comment="Drop invalid on chain input" add action=accept chain=input protocol=icmp comment="Accept ICMP" add action=drop chain=input in-interface-list=!LAN comment="Drop all not coming from LAN on chain input" add action=accept chain=forward connection-state=established,related comment="Accept established,related on chain forward" add action=drop chain=forward connection-state=invalid comment="Drop invalid on chain forward" add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=WAN comment="Drop all from WAN not DSTNATed on chain forward" :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".ADD_FILTER_RULES"; /ip service disable api disable api-ssl disable ftp disable www-ssl set telnet address=192.168.88.0/24 :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_SERVICES"; /ip neighbor discovery-settings set discover-interface-list=LAN :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_DISCOVERY"; /ip dns set allow-remote-requests=yes :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_DNS"; /ip cloud set update-time=no :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".DISABLE_IPCLOUD_UPD_TIME"; /system clock set time-zone-autodetect=no time-zone-name=Europe/Moscow :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_TIME_ZONE"; /system ntp client set enabled=yes server-dns-names=\ ntp4.stratum2.ru,ntp3.stratum2.ru,ntp5.stratum1.ru,timeserver.ru :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_NTP_CLIENT"; /system note set note="\ \n TTTTTTTT EEEEEE LL EEEEEE OOOO FFFFFF IIII SSSSS\ \n TT EE LL EE OO OO FF II SS\ \n TT EEEEEE LL EEEEEE OO OO FFFFFF II SSSSS\ \n TT EE LL EE OO OO FF II SS\ \n TT EEEEEE LLLLLL EEEEEE OOOO FF IIII SSSSS\ \n\ \n Teleofis for MikroTik RouterOS $"VER" (c) 2004-2019 http://teleofis.ru/\ \n\ \n" :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_LOGO"; /system script add name=watchdog_script policy=reboot,read,write,test dont-require-permissions=yes \ source=":global ITERATION 0;\r\ \n:global IP1\r\ \n:global IP2\r\ \n:global ITERATION1 0;\r\ \n\r\ \n:do {\r\ \n :set \$IP1 [:resolve yandex.ru]\r\ \n} on-error={\r\ \n :set \$IP1 77.88.8.8\r\ \n}\r\ \n:do {\r\ \n :set \$IP2 [:resolve google.com]\r\ \n} on-error={\r\ \n :set \$IP2 8.8.8.8\r\ \n}\r\ \n\r\ \n:log debug \"watchdog: Start Watchdog\";\r\ \n:while (true) do={\r\ \n :if ([:len [/system resource usb find]] < 2) do={\r\ \n :log error \"watchdog: Could not Find Modem Card - REBOOT\"\r\ \n :delay 5s\r\ \n /system reboot\r\ \n :delay 1s\r\ \n }\r\ \n :if ([/port get number=0 channel] != 1) do={\r\ \n :log error \"watchdog: Invalid Number of Channels - REBOOT\"\r\ \n :delay 5s\r\ \n /system reboot\r\ \n :delay 1s\r\ \n }\r\ \n :if ([/port find inactive=no] != \"\") do={\r\ \n :global PING1 [/ping \$IP1 count=10]\r\ \n :if (\$PING1 > 5) do={\r\ \n :log info \"watchdog: Ping 1 Watchdog - OK\"\r\ \n :quit;\r\ \n }\r\ \n :global PING2 [/ping \$IP2 count=10];\r\ \n :if (\$PING2 > 5) do={\r\ \n :log info \"watchdog: Ping 2 Watchdog - OK\"\r\ \n :quit;\r\ \n }\r\ \n :if (\$ITERATION < 3) do={\r\ \n :log warning \"watchdog: Could not Ping - RECONNECT\"\r\ \n /interface lte set lte1 disabled=yes\r\ \n :delay 5s\r\ \n /interface lte set lte1 disabled=no\r\ \n :set \$ITERATION (\$ITERATION+1)\r\ \n :delay 40s\r\ \n } else={\r\ \n :if (\$ITERATION1 = 1) do={\r\ \n :log warning \"watchdog: Could not Ping - REBOOT\"\r\ \n /system reboot\r\ \n :delay 1s\r\ \n }\r\ \n :log error \"watchdog: Could not Ping - USB POWER-RESET\"\r\ \n /system routerboard usb power-reset duration=5\r\ \n :delay 50s\r\ \n :set \$ITERATION1 (\$ITERATION1+1)\r\ \n :set \$ITERATION 0\r\ \n }\r\ \n } else={\r\ \n :log error \"watchdog: Could not Find Port - REBOOT\"\r\ \n /system reboot\r\ \n :delay 1s\r\ \n }\r\ \n}" :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".ADD_WATCHDOG"; /system scheduler add disabled=no interval=10m name=watchdog on-event="watchdog_script" policy=reboot,read,write,test \ start-time=startup :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".RUN_WATCHDOG"; :global LEDSTATUS [/system leds find disabled=no]; :if ($LEDSTATUS != "") do={ /system leds set 0 interface=lte1 leds=user-led type=interface-transmit add interface=lte1 leds=led1,led2,led3,led4,led5 modem-signal-treshold=-105 type=modem-signal } else={ /system leds add interface=lte1 leds=user-led type=interface-transmit add interface=lte1 leds=led1,led2,led3,led4,led5 modem-signal-treshold=-105 type=modem-signal } :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_LED"; /ip pool add name=dhcp-pool1 ranges=192.168.88.10-192.168.88.250 :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".ADD_DHCP-POOL"; /ip address add address=192.168.88.1/24 comment="LAN" interface=bridge1 network=192.168.88.0 :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_ADDRESS"; /ip dhcp-server network add address=192.168.88.0/24 comment="LAN" dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24 :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_DHCP_SERVER_NETWORK"; /ip dhcp-server add add-arp=yes address-pool=dhcp-pool1 bootp-lease-time=lease-time \ bootp-support=dynamic disabled=no interface=bridge1 lease-time=3d name=\ dhcp-server1 :set $NUM ($NUM+1) :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_DHCP_SERVER"; /tool mac-server set allowed-interface-list=LAN :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".SET_MAC_SERVER"; /system backup save name="factory_gtx400_$"MODEL"bm_$"VER"" :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".ADD_BACKUP"; /system routerboard upgrade :set $NUM ($NUM+1); :log warning "STEP_$"NUM"_OUT_OF_$"ALLNUM".UPGRADE_ROUTERBOARD"; /system note set show-at-login=no /file remove [ find type="directory" ] remove [ find type="package" ] remove [ find type=".fwf file" ] remove [ find type=".rif file" ] remove [ find type="web-proxy store" ] :log warning "SETTINGS_INSTALL_END" :log warning "REBOOT" /system reboot